2026-05-10 23:12:26 +02:00
import { describe , expect , it } from 'vitest' ;
2026-06-15 14:48:24 +02:00
import { KtxExpectedError , KtxQueryError } from '../../../src/errors.js' ;
fix: read semantic sources safely (#284)
* fix: read semantic sources safely
* test: retarget reindex per-scope error case to a broken manifest
Reading a broken standalone source was made non-fatal in de1f1a8d (it is
surfaced for repair instead of throwing), so the reindex per-scope error
test no longer captured an error. Point it at a corrupt manifest shard,
which is the remaining fatal read failure the per-scope catch must
isolate, and assert the captured error names the offending file.
* fix(sl): decouple semantic-layer file names from warehouse naming rules
The in-file `name:` field is now the sole source identity; the filename is
a derived label that never participates in identity. This removes the
"Unsafe semantic-layer source name" failure class entirely: any warehouse
identifier (Snowflake's uppercase SIGNED_UP, EVENT$LOG, dotted names) can
be read, overlaid, edited, and deleted.
- New `source-files.ts`: one total filename derivation (safe lowercase
names verbatim; otherwise slug + sha256-hash suffix, immune to
case-insensitive-filesystem collisions) and one by-name file resolver.
- Reads resolve by name everywhere; the path-from-name fast path and
`assertSafeSourceName` are gone.
- Writes resolve-then-write: rewrites land on the file that declares the
name (human renames survive); new sources get a derived filename; a
derived path occupied by a different source fails instead of clobbering.
- `readSourceFile` returns null for missing files instead of forcing every
caller to launder IO errors; `deleteSource` distinguishes manifest-backed
sources from not-found instead of silently succeeding.
- `sl_write_source` accepts verbatim warehouse identifiers (snake_case is
now a recommendation for new sources) and rejects sourceName/source.name
mismatches; `sl_edit_source` rejects name-changing edits.
- Ingest projection commits, gate-repair allowlists, and touched-source
derivation use resolved paths / in-file names instead of interpolating
`<connId>/<name>.yaml`.
- Collapsed the five parallel path derivations and duplicated path-token
helpers onto the shared module; dropped dead service methods.
* fix(sl): resolve sources by declared name end-to-end and gate warehouse SQL with the parser-backed validator
- Key broken/renamed semantic-layer files by their recoverable in-file
name (slSourceNameForFile) so mid-edit sources stay reachable under
their real identity in reads, listings, and search
- Derive finalization touched sources from composed-source diffs and
recover deleted files' declared names from the pre-change commit
instead of parsing hash-derived filenames
- Resolve revert/rollback paths against history (listFilesAtCommit) so
human-renamed files are restored where they lived at preHead
- Validate ingest sql_execution through the daemon's sqlglot
validateReadOnly in the connection's dialect, sharing one
driver-to-dialect map (sql-analysis/dialect.ts) across MCP and ingest
- Harden the local read-only SQL backstop: accept leading comments,
reject smuggled second statements, and strip trailing
semicolons/comments before row-limit wrapping
2026-06-10 14:06:13 +02:00
import {
assertReadOnlySql ,
2026-06-23 15:03:46 +02:00
hoistLeadingCte ,
fix: read semantic sources safely (#284)
* fix: read semantic sources safely
* test: retarget reindex per-scope error case to a broken manifest
Reading a broken standalone source was made non-fatal in de1f1a8d (it is
surfaced for repair instead of throwing), so the reindex per-scope error
test no longer captured an error. Point it at a corrupt manifest shard,
which is the remaining fatal read failure the per-scope catch must
isolate, and assert the captured error names the offending file.
* fix(sl): decouple semantic-layer file names from warehouse naming rules
The in-file `name:` field is now the sole source identity; the filename is
a derived label that never participates in identity. This removes the
"Unsafe semantic-layer source name" failure class entirely: any warehouse
identifier (Snowflake's uppercase SIGNED_UP, EVENT$LOG, dotted names) can
be read, overlaid, edited, and deleted.
- New `source-files.ts`: one total filename derivation (safe lowercase
names verbatim; otherwise slug + sha256-hash suffix, immune to
case-insensitive-filesystem collisions) and one by-name file resolver.
- Reads resolve by name everywhere; the path-from-name fast path and
`assertSafeSourceName` are gone.
- Writes resolve-then-write: rewrites land on the file that declares the
name (human renames survive); new sources get a derived filename; a
derived path occupied by a different source fails instead of clobbering.
- `readSourceFile` returns null for missing files instead of forcing every
caller to launder IO errors; `deleteSource` distinguishes manifest-backed
sources from not-found instead of silently succeeding.
- `sl_write_source` accepts verbatim warehouse identifiers (snake_case is
now a recommendation for new sources) and rejects sourceName/source.name
mismatches; `sl_edit_source` rejects name-changing edits.
- Ingest projection commits, gate-repair allowlists, and touched-source
derivation use resolved paths / in-file names instead of interpolating
`<connId>/<name>.yaml`.
- Collapsed the five parallel path derivations and duplicated path-token
helpers onto the shared module; dropped dead service methods.
* fix(sl): resolve sources by declared name end-to-end and gate warehouse SQL with the parser-backed validator
- Key broken/renamed semantic-layer files by their recoverable in-file
name (slSourceNameForFile) so mid-edit sources stay reachable under
their real identity in reads, listings, and search
- Derive finalization touched sources from composed-source diffs and
recover deleted files' declared names from the pre-change commit
instead of parsing hash-derived filenames
- Resolve revert/rollback paths against history (listFilesAtCommit) so
human-renamed files are restored where they lived at preHead
- Validate ingest sql_execution through the daemon's sqlglot
validateReadOnly in the connection's dialect, sharing one
driver-to-dialect map (sql-analysis/dialect.ts) across MCP and ingest
- Harden the local read-only SQL backstop: accept leading comments,
reject smuggled second statements, and strip trailing
semicolons/comments before row-limit wrapping
2026-06-10 14:06:13 +02:00
limitSqlForExecution ,
stripTrailingSqlNoise ,
} from '../../../src/context/connections/read-only-sql.js' ;
2026-05-10 23:12:26 +02:00
describe ( 'assertReadOnlySql' , ( ) = > {
it ( 'allows select and with queries' , ( ) = > {
expect ( assertReadOnlySql ( 'select * from orders' ) ) . toBe ( 'select * from orders' ) ;
expect ( assertReadOnlySql ( 'with paid as (select * from orders) select * from paid' ) ) . toContain ( 'with paid' ) ;
} ) ;
it ( 'rejects mutating statements before opening a database connection' , ( ) = > {
expect ( ( ) = > assertReadOnlySql ( 'delete from orders' ) ) . toThrow (
'Only read-only SELECT/WITH queries can be executed locally' ,
) ;
expect ( ( ) = > assertReadOnlySql ( 'create table x(id int)' ) ) . toThrow (
'Only read-only SELECT/WITH queries can be executed locally' ,
) ;
} ) ;
fix: read semantic sources safely (#284)
* fix: read semantic sources safely
* test: retarget reindex per-scope error case to a broken manifest
Reading a broken standalone source was made non-fatal in de1f1a8d (it is
surfaced for repair instead of throwing), so the reindex per-scope error
test no longer captured an error. Point it at a corrupt manifest shard,
which is the remaining fatal read failure the per-scope catch must
isolate, and assert the captured error names the offending file.
* fix(sl): decouple semantic-layer file names from warehouse naming rules
The in-file `name:` field is now the sole source identity; the filename is
a derived label that never participates in identity. This removes the
"Unsafe semantic-layer source name" failure class entirely: any warehouse
identifier (Snowflake's uppercase SIGNED_UP, EVENT$LOG, dotted names) can
be read, overlaid, edited, and deleted.
- New `source-files.ts`: one total filename derivation (safe lowercase
names verbatim; otherwise slug + sha256-hash suffix, immune to
case-insensitive-filesystem collisions) and one by-name file resolver.
- Reads resolve by name everywhere; the path-from-name fast path and
`assertSafeSourceName` are gone.
- Writes resolve-then-write: rewrites land on the file that declares the
name (human renames survive); new sources get a derived filename; a
derived path occupied by a different source fails instead of clobbering.
- `readSourceFile` returns null for missing files instead of forcing every
caller to launder IO errors; `deleteSource` distinguishes manifest-backed
sources from not-found instead of silently succeeding.
- `sl_write_source` accepts verbatim warehouse identifiers (snake_case is
now a recommendation for new sources) and rejects sourceName/source.name
mismatches; `sl_edit_source` rejects name-changing edits.
- Ingest projection commits, gate-repair allowlists, and touched-source
derivation use resolved paths / in-file names instead of interpolating
`<connId>/<name>.yaml`.
- Collapsed the five parallel path derivations and duplicated path-token
helpers onto the shared module; dropped dead service methods.
* fix(sl): resolve sources by declared name end-to-end and gate warehouse SQL with the parser-backed validator
- Key broken/renamed semantic-layer files by their recoverable in-file
name (slSourceNameForFile) so mid-edit sources stay reachable under
their real identity in reads, listings, and search
- Derive finalization touched sources from composed-source diffs and
recover deleted files' declared names from the pre-change commit
instead of parsing hash-derived filenames
- Resolve revert/rollback paths against history (listFilesAtCommit) so
human-renamed files are restored where they lived at preHead
- Validate ingest sql_execution through the daemon's sqlglot
validateReadOnly in the connection's dialect, sharing one
driver-to-dialect map (sql-analysis/dialect.ts) across MCP and ingest
- Harden the local read-only SQL backstop: accept leading comments,
reject smuggled second statements, and strip trailing
semicolons/comments before row-limit wrapping
2026-06-10 14:06:13 +02:00
2026-06-15 14:48:24 +02:00
// A guard refusing the agent's SQL is an expected outcome; classifying it as
// KtxQueryError keeps reportException from filing it as a ktx fault.
it ( 'rejects with an expected KtxQueryError, not a bare Error' , ( ) = > {
expect ( ( ) = > assertReadOnlySql ( 'delete from orders' ) ) . toThrow ( KtxQueryError ) ;
expect ( ( ) = > assertReadOnlySql ( 'describe orders' ) ) . toThrow ( KtxQueryError ) ;
expect ( ( ) = > assertReadOnlySql ( 'select 1; drop table orders' ) ) . toThrow ( KtxQueryError ) ;
try {
assertReadOnlySql ( 'describe orders' ) ;
expect . unreachable ( 'expected a throw' ) ;
} catch ( error ) {
expect ( error ) . toBeInstanceOf ( KtxExpectedError ) ;
}
} ) ;
fix: read semantic sources safely (#284)
* fix: read semantic sources safely
* test: retarget reindex per-scope error case to a broken manifest
Reading a broken standalone source was made non-fatal in de1f1a8d (it is
surfaced for repair instead of throwing), so the reindex per-scope error
test no longer captured an error. Point it at a corrupt manifest shard,
which is the remaining fatal read failure the per-scope catch must
isolate, and assert the captured error names the offending file.
* fix(sl): decouple semantic-layer file names from warehouse naming rules
The in-file `name:` field is now the sole source identity; the filename is
a derived label that never participates in identity. This removes the
"Unsafe semantic-layer source name" failure class entirely: any warehouse
identifier (Snowflake's uppercase SIGNED_UP, EVENT$LOG, dotted names) can
be read, overlaid, edited, and deleted.
- New `source-files.ts`: one total filename derivation (safe lowercase
names verbatim; otherwise slug + sha256-hash suffix, immune to
case-insensitive-filesystem collisions) and one by-name file resolver.
- Reads resolve by name everywhere; the path-from-name fast path and
`assertSafeSourceName` are gone.
- Writes resolve-then-write: rewrites land on the file that declares the
name (human renames survive); new sources get a derived filename; a
derived path occupied by a different source fails instead of clobbering.
- `readSourceFile` returns null for missing files instead of forcing every
caller to launder IO errors; `deleteSource` distinguishes manifest-backed
sources from not-found instead of silently succeeding.
- `sl_write_source` accepts verbatim warehouse identifiers (snake_case is
now a recommendation for new sources) and rejects sourceName/source.name
mismatches; `sl_edit_source` rejects name-changing edits.
- Ingest projection commits, gate-repair allowlists, and touched-source
derivation use resolved paths / in-file names instead of interpolating
`<connId>/<name>.yaml`.
- Collapsed the five parallel path derivations and duplicated path-token
helpers onto the shared module; dropped dead service methods.
* fix(sl): resolve sources by declared name end-to-end and gate warehouse SQL with the parser-backed validator
- Key broken/renamed semantic-layer files by their recoverable in-file
name (slSourceNameForFile) so mid-edit sources stay reachable under
their real identity in reads, listings, and search
- Derive finalization touched sources from composed-source diffs and
recover deleted files' declared names from the pre-change commit
instead of parsing hash-derived filenames
- Resolve revert/rollback paths against history (listFilesAtCommit) so
human-renamed files are restored where they lived at preHead
- Validate ingest sql_execution through the daemon's sqlglot
validateReadOnly in the connection's dialect, sharing one
driver-to-dialect map (sql-analysis/dialect.ts) across MCP and ingest
- Harden the local read-only SQL backstop: accept leading comments,
reject smuggled second statements, and strip trailing
semicolons/comments before row-limit wrapping
2026-06-10 14:06:13 +02:00
it ( 'accepts read-only queries that begin with leading comments' , ( ) = > {
expect ( assertReadOnlySql ( '-- daily widget sales\nselect count(*) from public.widget_sales' ) ) . toBe (
'select count(*) from public.widget_sales' ,
) ;
expect ( assertReadOnlySql ( '/* block */\n with paid as (select 1) select * from paid' ) ) . toContain ( 'with paid' ) ;
} ) ;
it ( 'still rejects mutating statements hidden behind leading comments' , ( ) = > {
expect ( ( ) = > assertReadOnlySql ( '-- harmless\n delete from orders' ) ) . toThrow (
'Only read-only SELECT/WITH queries can be executed locally' ,
) ;
} ) ;
it ( 'rejects a second statement smuggled after a semicolon' , ( ) = > {
expect ( ( ) = > assertReadOnlySql ( 'select 1; drop table orders' ) ) . toThrow (
'Only one SQL statement can be executed.' ,
) ;
expect ( ( ) = > assertReadOnlySql ( 'select 1;\n-- pad\ndelete from orders' ) ) . toThrow (
'Only one SQL statement can be executed.' ,
) ;
expect ( ( ) = > assertReadOnlySql ( 'select 1; /* pad */ truncate orders;' ) ) . toThrow (
'Only one SQL statement can be executed.' ,
) ;
} ) ;
it ( 'accepts trailing semicolons, including repeated ones followed by comments' , ( ) = > {
expect ( assertReadOnlySql ( 'select 1;' ) ) . toBe ( 'select 1;' ) ;
expect ( assertReadOnlySql ( 'select 1 ;; \n' ) ) . toBe ( 'select 1 ;;' ) ;
expect ( assertReadOnlySql ( 'select 1; -- done' ) ) . toBe ( 'select 1; -- done' ) ;
} ) ;
it ( 'ignores semicolons inside string literals, quoted identifiers, and comments' , ( ) = > {
expect ( assertReadOnlySql ( "select string_agg(name, '; ') from t" ) ) . toBe ( "select string_agg(name, '; ') from t" ) ;
expect ( assertReadOnlySql ( "select 'it''s; quoted' from t" ) ) . toBe ( "select 'it''s; quoted' from t" ) ;
expect ( assertReadOnlySql ( 'select ";" from "t;u"' ) ) . toBe ( 'select ";" from "t;u"' ) ;
expect ( assertReadOnlySql ( 'select 1 -- tail; comment' ) ) . toBe ( 'select 1 -- tail; comment' ) ;
expect ( assertReadOnlySql ( 'select 1 /* a;b */ + 2' ) ) . toBe ( 'select 1 /* a;b */ + 2' ) ;
} ) ;
it ( 'rejects statements smuggled after a string literal that closes a semicolon early' , ( ) = > {
expect ( ( ) = > assertReadOnlySql ( "select 'a'; delete from orders" ) ) . toThrow (
'Only one SQL statement can be executed.' ,
) ;
} ) ;
2026-05-10 23:12:26 +02:00
} ) ;
2026-06-23 15:03:46 +02:00
describe ( 'hoistLeadingCte' , ( ) = > {
it ( 'leaves non-CTE SQL untouched' , ( ) = > {
expect ( hoistLeadingCte ( 'select * from orders' ) ) . toEqual ( {
withPrefix : '' ,
body : 'select * from orders' ,
} ) ;
} ) ;
it ( 'splits a single leading CTE from the main query' , ( ) = > {
expect ( hoistLeadingCte ( 'WITH paid AS (SELECT * FROM orders) SELECT * FROM paid' ) ) . toEqual ( {
withPrefix : 'WITH paid AS (SELECT * FROM orders) ' ,
body : 'SELECT * FROM paid' ,
} ) ;
} ) ;
it ( 'splits multiple CTEs, recursive CTEs, column lists, and UNION bodies' , ( ) = > {
expect (
hoistLeadingCte (
'WITH RECURSIVE nodes(id, parent_id) AS (SELECT id, parent_id FROM roots UNION ALL SELECT child.id, child.parent_id FROM child JOIN nodes ON child.parent_id = nodes.id), totals AS (SELECT count(*) AS total FROM nodes) SELECT total FROM totals' ,
) ,
) . toEqual ( {
withPrefix :
'WITH RECURSIVE nodes(id, parent_id) AS (SELECT id, parent_id FROM roots UNION ALL SELECT child.id, child.parent_id FROM child JOIN nodes ON child.parent_id = nodes.id), totals AS (SELECT count(*) AS total FROM nodes) ' ,
body : 'SELECT total FROM totals' ,
} ) ;
} ) ;
it ( 'ignores WITH, commas, and closing parens inside literals, identifiers, and comments' , ( ) = > {
expect (
hoistLeadingCte (
` WITH tricky AS (
SELECT 'WITH x AS (SELECT 1), nope' AS "value, )"
FROM orders
WHERE note = ')'
/* comment ), next AS (SELECT 1) */
) SELECT * FROM tricky ` ,
) ,
) . toEqual ( {
withPrefix : ` WITH tricky AS (
SELECT 'WITH x AS (SELECT 1), nope' AS "value, )"
FROM orders
WHERE note = ')'
/* comment ), next AS (SELECT 1) */
) ` ,
body : 'SELECT * FROM tricky' ,
} ) ;
} ) ;
it ( 'falls back to the legacy whole-query body when the CTE is malformed' , ( ) = > {
const malformed = 'WITH broken AS (SELECT * FROM orders SELECT * FROM broken' ;
expect ( hoistLeadingCte ( malformed ) ) . toEqual ( { withPrefix : '' , body : malformed } ) ;
} ) ;
} ) ;
2026-05-10 23:12:26 +02:00
describe ( 'limitSqlForExecution' , ( ) = > {
it ( 'wraps compiled SQL and strips trailing semicolons' , ( ) = > {
expect ( limitSqlForExecution ( 'select * from public.orders; ' , 25 ) ) . toBe (
2026-05-10 23:51:24 +02:00
'select * from (select * from public.orders) as ktx_query_result limit 25' ,
2026-05-10 23:12:26 +02:00
) ;
} ) ;
it ( 'returns the trimmed SQL when no maxRows value is provided' , ( ) = > {
expect ( limitSqlForExecution ( 'select * from orders; ' , undefined ) ) . toBe ( 'select * from orders' ) ;
} ) ;
fix: read semantic sources safely (#284)
* fix: read semantic sources safely
* test: retarget reindex per-scope error case to a broken manifest
Reading a broken standalone source was made non-fatal in de1f1a8d (it is
surfaced for repair instead of throwing), so the reindex per-scope error
test no longer captured an error. Point it at a corrupt manifest shard,
which is the remaining fatal read failure the per-scope catch must
isolate, and assert the captured error names the offending file.
* fix(sl): decouple semantic-layer file names from warehouse naming rules
The in-file `name:` field is now the sole source identity; the filename is
a derived label that never participates in identity. This removes the
"Unsafe semantic-layer source name" failure class entirely: any warehouse
identifier (Snowflake's uppercase SIGNED_UP, EVENT$LOG, dotted names) can
be read, overlaid, edited, and deleted.
- New `source-files.ts`: one total filename derivation (safe lowercase
names verbatim; otherwise slug + sha256-hash suffix, immune to
case-insensitive-filesystem collisions) and one by-name file resolver.
- Reads resolve by name everywhere; the path-from-name fast path and
`assertSafeSourceName` are gone.
- Writes resolve-then-write: rewrites land on the file that declares the
name (human renames survive); new sources get a derived filename; a
derived path occupied by a different source fails instead of clobbering.
- `readSourceFile` returns null for missing files instead of forcing every
caller to launder IO errors; `deleteSource` distinguishes manifest-backed
sources from not-found instead of silently succeeding.
- `sl_write_source` accepts verbatim warehouse identifiers (snake_case is
now a recommendation for new sources) and rejects sourceName/source.name
mismatches; `sl_edit_source` rejects name-changing edits.
- Ingest projection commits, gate-repair allowlists, and touched-source
derivation use resolved paths / in-file names instead of interpolating
`<connId>/<name>.yaml`.
- Collapsed the five parallel path derivations and duplicated path-token
helpers onto the shared module; dropped dead service methods.
* fix(sl): resolve sources by declared name end-to-end and gate warehouse SQL with the parser-backed validator
- Key broken/renamed semantic-layer files by their recoverable in-file
name (slSourceNameForFile) so mid-edit sources stay reachable under
their real identity in reads, listings, and search
- Derive finalization touched sources from composed-source diffs and
recover deleted files' declared names from the pre-change commit
instead of parsing hash-derived filenames
- Resolve revert/rollback paths against history (listFilesAtCommit) so
human-renamed files are restored where they lived at preHead
- Validate ingest sql_execution through the daemon's sqlglot
validateReadOnly in the connection's dialect, sharing one
driver-to-dialect map (sql-analysis/dialect.ts) across MCP and ingest
- Harden the local read-only SQL backstop: accept leading comments,
reject smuggled second statements, and strip trailing
semicolons/comments before row-limit wrapping
2026-06-10 14:06:13 +02:00
it ( 'strips leading comments before wrapping with a row limit' , ( ) = > {
expect ( limitSqlForExecution ( '-- top customers\nselect * from public.orders' , 25 ) ) . toBe (
'select * from (select * from public.orders) as ktx_query_result limit 25' ,
) ;
} ) ;
2026-06-23 15:03:46 +02:00
it ( 'hoists leading CTEs before applying the generic LIMIT wrapper' , ( ) = > {
expect ( limitSqlForExecution ( 'WITH paid AS (SELECT * FROM orders) SELECT * FROM paid' , 25 ) ) . toBe (
'WITH paid AS (SELECT * FROM orders) select * from (SELECT * FROM paid) as ktx_query_result limit 25' ,
) ;
} ) ;
it ( 'keeps the generic wrapper byte-identical for non-CTE SQL' , ( ) = > {
expect ( limitSqlForExecution ( 'select id, status from public.orders' , 25 ) ) . toBe (
'select * from (select id, status from public.orders) as ktx_query_result limit 25' ,
) ;
} ) ;
fix: read semantic sources safely (#284)
* fix: read semantic sources safely
* test: retarget reindex per-scope error case to a broken manifest
Reading a broken standalone source was made non-fatal in de1f1a8d (it is
surfaced for repair instead of throwing), so the reindex per-scope error
test no longer captured an error. Point it at a corrupt manifest shard,
which is the remaining fatal read failure the per-scope catch must
isolate, and assert the captured error names the offending file.
* fix(sl): decouple semantic-layer file names from warehouse naming rules
The in-file `name:` field is now the sole source identity; the filename is
a derived label that never participates in identity. This removes the
"Unsafe semantic-layer source name" failure class entirely: any warehouse
identifier (Snowflake's uppercase SIGNED_UP, EVENT$LOG, dotted names) can
be read, overlaid, edited, and deleted.
- New `source-files.ts`: one total filename derivation (safe lowercase
names verbatim; otherwise slug + sha256-hash suffix, immune to
case-insensitive-filesystem collisions) and one by-name file resolver.
- Reads resolve by name everywhere; the path-from-name fast path and
`assertSafeSourceName` are gone.
- Writes resolve-then-write: rewrites land on the file that declares the
name (human renames survive); new sources get a derived filename; a
derived path occupied by a different source fails instead of clobbering.
- `readSourceFile` returns null for missing files instead of forcing every
caller to launder IO errors; `deleteSource` distinguishes manifest-backed
sources from not-found instead of silently succeeding.
- `sl_write_source` accepts verbatim warehouse identifiers (snake_case is
now a recommendation for new sources) and rejects sourceName/source.name
mismatches; `sl_edit_source` rejects name-changing edits.
- Ingest projection commits, gate-repair allowlists, and touched-source
derivation use resolved paths / in-file names instead of interpolating
`<connId>/<name>.yaml`.
- Collapsed the five parallel path derivations and duplicated path-token
helpers onto the shared module; dropped dead service methods.
* fix(sl): resolve sources by declared name end-to-end and gate warehouse SQL with the parser-backed validator
- Key broken/renamed semantic-layer files by their recoverable in-file
name (slSourceNameForFile) so mid-edit sources stay reachable under
their real identity in reads, listings, and search
- Derive finalization touched sources from composed-source diffs and
recover deleted files' declared names from the pre-change commit
instead of parsing hash-derived filenames
- Resolve revert/rollback paths against history (listFilesAtCommit) so
human-renamed files are restored where they lived at preHead
- Validate ingest sql_execution through the daemon's sqlglot
validateReadOnly in the connection's dialect, sharing one
driver-to-dialect map (sql-analysis/dialect.ts) across MCP and ingest
- Harden the local read-only SQL backstop: accept leading comments,
reject smuggled second statements, and strip trailing
semicolons/comments before row-limit wrapping
2026-06-10 14:06:13 +02:00
it ( 'drops a trailing semicolon followed by a comment so the subquery stays valid' , ( ) = > {
// The single-statement gate accepts `select 1; -- done`; without stripping
// the terminator the wrapper would embed `select 1; -- done` and comment out
// the closing paren and limit clause.
expect ( limitSqlForExecution ( 'select 1; -- done' , 5 ) ) . toBe (
'select * from (select 1) as ktx_query_result limit 5' ,
) ;
expect ( limitSqlForExecution ( 'select 1; /* note */' , 5 ) ) . toBe (
'select * from (select 1) as ktx_query_result limit 5' ,
) ;
} ) ;
it ( 'drops a trailing line comment with no semicolon before wrapping' , ( ) = > {
expect ( limitSqlForExecution ( 'select 1 -- done' , 5 ) ) . toBe ( 'select * from (select 1) as ktx_query_result limit 5' ) ;
} ) ;
} ) ;
describe ( 'stripTrailingSqlNoise' , ( ) = > {
it ( 'removes trailing semicolons, comments, and whitespace' , ( ) = > {
expect ( stripTrailingSqlNoise ( 'select 1;' ) ) . toBe ( 'select 1' ) ;
expect ( stripTrailingSqlNoise ( 'select 1 ;; ' ) ) . toBe ( 'select 1' ) ;
expect ( stripTrailingSqlNoise ( 'select 1; -- done' ) ) . toBe ( 'select 1' ) ;
expect ( stripTrailingSqlNoise ( 'select 1 -- done' ) ) . toBe ( 'select 1' ) ;
expect ( stripTrailingSqlNoise ( 'select 1; /* trailing */' ) ) . toBe ( 'select 1' ) ;
} ) ;
it ( 'preserves semicolons and comment markers inside literals and mid-statement' , ( ) = > {
expect ( stripTrailingSqlNoise ( "select 'a; -- b'" ) ) . toBe ( "select 'a; -- b'" ) ;
expect ( stripTrailingSqlNoise ( 'select 1 /* a;b */ + 2' ) ) . toBe ( 'select 1 /* a;b */ + 2' ) ;
expect ( stripTrailingSqlNoise ( 'select ";" from "t;u"' ) ) . toBe ( 'select ";" from "t;u"' ) ;
} ) ;
2026-05-10 23:12:26 +02:00
} ) ;
